Events
  Projects 
  Board
  Consultants  
  Team
  Volunteers
  General
  Insights
  Interviews  
  In The Media  
  Form  
  List  
  Full Name :
  Email :
     
 
Virtual Activism
AHRF
Lebanese Estate
LERC
CDHR
Spark Rent a Car
Linking Lebanon
ITEC
WLCU
World Youth Alliance
Music
 
   
MEPI Center for Global Strategies LAU - CEP
How do thieves steal your PIN code?

How do thieves steal your PIN code?

Ana Maria Luca - NOW Lebanon
Over 1.5 million tourists visited Lebanon this summer, official statistics say. But some of these visitors were not in the country for the Byblos Festival, the luxury beach resorts or the nightlife in Gemmayzeh. They were here to install devices on public ATMs that copy bank customers’ PIN codes and clone credit cards, which they are now using all over the world to extract money from victims’ accounts.

“Apparently around 100 Eastern Europeans landed in Lebanon in August and September and installed skimming devices on many ATMs to steal information and PIN codes,” said a bank employee who wished to remain anonymous, as the Central Bank banned financial institutions from talking to the press. “They are now out of Lebanon and withdrawing the money from different parts of the world. [Bank authorities] don’t want to disclose how big the damage is, but rumor has it that they stole a lot of money.”

Most banks have recently issued warnings for their customers and closed their ATMs, although these efforts come months after most of the damage was done.

Lebanese banks have also restricted their card acceptance at points of sale in Eastern European countries such as Bulgaria, Romania, Turkey and Ukraine. Lebanese bank customers also can’t use their cards in Italy, Mexico, Peru and South Africa, countries where most of the skimming networks are based or operate from. In any country not on the “black list”, the client is allowed to withdraw money from an ATM only after calling their bank in Lebanon and giving complete identification.

Lebanon, a new destination
 
Lebanon is not the usual target for credit card cloning operations, but as it attracts more tourists, it attracts more money, and thus more scammers.

ATM scams have been widespread in both United States and in Western Europe for almost a decade. The police in most European Union countries already have special teams to crack down on card cloning and identity theft and often issue public warnings, while banks have special hotlines where clients can report fraud.

The Eastern European networks are usually considered the most effective in identity theft and credit card cloning. According to police reports in several West European countries, cloning networks are usually split in two. The “brains” is the team installing devices on ATMs and stealing data from credit cards in a certain country. This team sends the information by internet to another country, where the cards are forged and distributed to people who can use them at any ATM in the world.

How they do it

There are three main ways card cloning networks steal the data they need, the skimming technique being the most widely used.

To skim account information, an electronic unit is attached to the card slot on an ATM, which records the victim’s account information. A hidden camera usually placed in a leaflet box nearby records the customer entering his or her PIN code. The card is returned without the victim knowing anything unusual has taken place.

In recent years banks have redesigned ATMs to make this much more difficult, which appears to have forced criminals to resort to the less-sophisticated “Lebanese loop” method, experts say. This technique was named after the Lebanese gangs who invented it in Great Britain in the 1990s. 
 
To do a Lebanese loop, a sleeve or strip of thin metal or plastic is placed inside the slot of an ATM so it does not eject cards. Thieves positioned nearby watch the victim enter the PIN, and when they leave the machine and their trapped card, the offenders quickly withdraw money before the transaction is cancelled. Although obviously frustrating, victims of the “Lebanese loop” at least know that their card has been trapped and will probably go to into the bank to get it back, thus tipping them off that a scam has taken place. Skimmed cards are returned to the owner without the victim learning about the offence until much later.
 
The third and most basic method is called a physhing scam. The victim receives an e-mail or phone call from a person claiming to represent their bank. The scammer asks the account holder for their e-banking user name and password as well as their PIN code for administrative or maintenance purposes.

In Lebanon’s case, the scammers only used the skimming technique, since it used to be easy to install video cameras disguised as leaflet boxes on most Lebanese ATMs. It worked so well that authorities only discovered the presence of the devices a few months ago.

Last February, the Internal Security Forces arrested two Eastern European women who were attempting to withdraw money from ATMs in Jounieh using cloned credit cards, but authorities did not have the foresight to take action to prevent fraudsters from spreading across the country last summer and wreaking untold damage.

  Website Designed & Developed By ITEC (Innovative Technology) All Rights Reserved